-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

SUMMARY
cPanel, L.L.C. has updated RPMs for EasyApache 4 with libcurl version 7.66.0 and OpenSSL version 1.0.2t. This release addresses vulnerabilities related to CVE-2019-5481, CVE-2019-5482, CVE-2019-1547, CVE-2019-1563, and CVE-2019-1552. We strongly encourage all libcurl users to upgrade to version 7.66.0 and all OpenSSL users to upgrade to version 1.0.2t.
 
 
AFFECTED VERSIONS
All versions of libcurl through 7.65.3
All versions of OpenSSL through 1.0.2s

 
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
 

CVE-2019-5481 - CRITICAL
libcurl 7.66.0
Fixed bug related to CVE-2019-5481

CVE-2019-5482 - CRITICAL
libcurl 7.66.0
Fixed bug related to CVE-2019-5482

CVE-2019-1547 - MEDIUM
OpenSSL 1.0.2t
Fixed bug related to CVE-2019-1547

CVE-2019-1563 - LOW
OpenSSL 1.0.2t
Fixed bug related to CVE-2019-1563

CVE-2019-1552 - LOW
OpenSSL 1.0.2t
Fixed bug related to CVE-2019-1552



SOLUTION
cPanel, L.L.C. has released updated RPMs for EasyApache 4 on September 17, 2019, with updated versions of libcurl 7.66.0 and OpenSSL 1.0.2t. Unless you have enabled automatic RPM updates in your cron, update your system with either yum update or WHM's Run System Update interface.

 
REFERENCES
https://nvd.nist.gov/vuln/detail/CVE-2019-5481
https://nvd.nist.gov/vuln/detail/CVE-2019-5482
https://nvd.nist.gov/vuln/detail/CVE-2019-1547
https://nvd.nist.gov/vuln/detail/CVE-2019-1563
https://nvd.nist.gov/vuln/detail/CVE-2019-1552
https://www.openssl.org/news/cl102.txt
https://curl.haxx.se/changes.html










-----BEGIN PGP SIGNATURE-----

iQJIBAEBCgAyFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAl2BGwkUHHNlY3VyaXR5
QGNwYW5lbC5uZXQACgkQlSG+3KvZTd/wwhAAmyc1pYnYN9jSgnVWVZ6vOwTvzBLP
ssJTMCErHznvugaX4PsnaVB5e8mrOE5PXulpcSvoqZ9qBcWAhj6qocnhyao5mtyR
8arzpePAG8Hc1KKu0BPA9Aj9OrputYHjdoprvjpb7MlJJR1HKHcCiBWGJyWablSG
O0wkmk0I5Kk31OebcaGOeelyxRuXWiTAHGGOVcTI5wxmqs/uv2RFck9YiCYwkonv
2n5GvRCISHt596KWlVw5vAo9l7tmMVCog5I1201CKbQUKpN+1d4CrnQB3084t5jf
jshfo9xeybiaofiqboNkTObT827EjybDcbxB0lEAA0E7m5CIbN9bPyGEZGi59Cm3
pQMe1Xi9yMaHL7ye4iFnPbgyMEo6xNw/gddqLyq6wPHoLzw73zEWC49+QrgYfKmr
5w/PhMSWStTH1jUyGSknUzWxcceXtdhziMKzr0euxqKgjJQeLyi8D4ObBvYMEkoq
2sFz+B8zF+20rR4XJ+lmkQbwL1pxMIWB3xXmILBwqnGh1yy2UOI12/F2XOG6hPc3
G2u853dCeZ51KzrwIWtaQBT65+X6mBxgtVUF432kfNXPMQNzjnwSmBPgUMnekJ9T
aIILjVnQ7mOA6TrByAtc+pBc+XYP/v2TqXuZfkyQQu3tYanUUPcL6pauApQ8kfdw
LQRHJ82NNNjvPtU=
=Iavx
-----END PGP SIGNATURE-----